Critical Review: “Resilient Cybersecurity: Reconstruct Your Defense Strategy in an Evolving Cyber World” by Mark Dunkerley


When you need a book that covers all the bases for a security program, grounded in real-world experience, Mark Dunkerley has you covered.  Honestly, going into the read, I felt like I was embarking on another version of the standard (insert certification program) outline of cybersecurity strategy.  Instead, Mark starts pulling rabbits out of the hat on critical topics such as how to approach AI, staff burnout and engineer retention, to name a few.  This was refreshing.

The main intent of the book is to bridge the gap between traditional defense mechanisms and modern, resilience-based approaches to cybersecurity, which is crucial in today's increasingly hostile digital environment. It is an excellent reference on modern topics that can be pulled off the shelf whether you are creating a brand-new security program, repairing a damaged one or looking for solid background on emerging topics.  That said, the book does have limitations, particularly in its practical applicability and depth of technical analysis. The author partly mitigates this by providing links to websites where the reader can dive deeper into each topic.

Strengths of the Book

1. Timely Topic

The need for businesses to transition to more "resilient cybersecurity" strategies is particularly relevant given the rise in sophisticated cyberattacks such as ransomware, supply chain attacks and the exploitation of zero-day vulnerabilities. Think "castle and moat" vs "Zero Trust", or the coming impact of regulation and the need for a solid GRC program.  It was refreshing to see Dunkerley emphasize resilience over mere prevention. This is an important shift in thinking, especially since no system can be 100% secure. He asks us to focus on building systems that can withstand attacks and recover quickly.  In the age of distributed applications and workforces, threats can come from anywhere and control is near impossible.  That makes the content of the book timely and necessary for the current landscape.

2. Holistic Approach

The topics of cybersecurity are presented from a broad perspective.  The author covers not just technological solutions but also organizational, human and process-based approaches. Dunkerley dives into integrating cybersecurity into an organization's overall strategy, emphasizing that security is not just about having the right technology but also about having the right culture and processes in place. I have not seen this covered in the standard security texts, which normally gloss over the organizational aspects and focus on the technical and regulatory ones.  It was refreshing to see.

3. Asks Security Leaders to Understand the Business, First

One of the standout features of the book is the constant reminder for security leaders and staff to always think business first.  Learn how a dollar is generated and follow its flow through the company.  Set meetings with business leaders to understand their challenges and needs.  Keep a close pulse on future projects and endeavors to expand the business.  In essence, be a partner and an asset to the company rather than the office of "no" and risk mitigation.

Conclusion: Great Book for the Shelf But Needs Depth

"Resilient Cybersecurity" covers a lot of territory in a short amount of time.  It provides the skeleton and roadmap to create or repair a security program.  Dunkerley gives us a readable book, articulates the importance of resilience over simple defense and offers a high-level view of how organizations can adapt to an increasingly hostile cyber environment. He covers the topic from a 360-degree perspective: he incorporates technology, explains why you must get the organizational culture right and calls out the need to consider mental health.

One caution is the lack of technical depth: deep dives into frameworks like Zero Trust get only a third of a chapter, a few pages in all.  Zero Trust is called out several times before and after, but the reader is left with a fairly shallow understanding of how to apply its principles effectively.  Kindervag's five core principles come to mind, as does how to measure Zero Trust maturity for a company.

That said, it is an otherwise excellent reference book which I will keep pulling off the shelf as a primer on cybersecurity topics.  If you are a security leader, I recommend grabbing a copy for yourself or your team!


Mark D.

Chief Information Security Officer (CISO) | Cybersecurity & Technology Leader | Solving Business Problems | Security’s 2022 Top Cybersecurity Leader | Published Author | MBA | CISSP | Keynote Speaker | Mentor


Thank you John Spiegel!
